Re: /dev/vcs* perms (was: Re: should fte provide /usr/bin/editor?)
Miquel van Smoorenburg writes:
> >Login does something different: it can optionally put someone who logs in
> >in certain groups. In /etc/login.defs I have the following line:
> >
> >CONSOLE_GROUPS floppy:audio:cdrom
> >
> >This puts everyone who logs in on the console in groups floppy, audio and
> >cdrom. Now if only xdm could do the same for everyone who logs in on
> >the local console...
>
> So, I can login on the console, copy a shell to /tmp, and do:
>
> chgrp audio /tmp/bash
> chmod 2775 /tmp/bash
>
> and then I can use /dev/audio (+cdrom+floppy) even when I'm not logged
> in on the console.
>
> Looks like a security hole to me.
Sure. Maybe it would be better to mix the 2 ideas; i.e. hacking PAM,
but to make it handle the perms in /dev (à la Solaris or so) instead of
the group. That's exactly what we want, anyway.
--
Yann Dirson <dirson@univ-mlv.fr> | Stop making M$-Bill richer & richer,
alt-email: <ydirson@a2points.com> | support Debian GNU/Linux:
| more powerful, more stable !
http://www.a2points.com/homepage/3475232 |
-----------------------------------------
A computer engineer's looking for a job !
-----------------------------------------
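A defensive check for the issue raised in this thread, added here as an example and not part of the original messages: it reads the `CONSOLE_GROUPS` line from login.defs text and reports regular setgid files whose group is one of those console groups. The function names, the constructed login.defs excerpt and the choice of `/tmp` as the directory to scan are assumptions of this example.

```python
import grp
import os
import stat

# Constructed sample, using the CONSOLE_GROUPS line quoted in the thread.
SAMPLE_LOGIN_DEFS = """\
# /etc/login.defs (excerpt, constructed)
UMASK 022
CONSOLE_GROUPS floppy:audio:cdrom
"""

def console_groups(login_defs_text):
    """Return the group names listed on the CONSOLE_GROUPS line."""
    for line in login_defs_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on blanks
        if len(fields) == 2 and fields[0] == "CONSOLE_GROUPS":
            return [g for g in fields[1].split(":") if g]
    return []

def names_to_gids(names):
    """Map group names to gids, skipping groups absent on this host."""
    gids = set()
    for name in names:
        try:
            gids.add(grp.getgrnam(name).gr_gid)
        except KeyError:
            pass
    return gids

def find_setgid_files(root, gids):
    """List (path, owner_uid, gid) for regular setgid files under root
    whose group is one of gids."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue
            if (stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISGID
                    and st.st_gid in gids):
                hits.append((path, st.st_uid, st.st_gid))
    return sorted(hits)

if __name__ == "__main__":
    gids = names_to_gids(console_groups(SAMPLE_LOGIN_DEFS))
    for path, uid, gid in find_setgid_files("/tmp", gids):
        print(f"setgid file: {path} owner_uid={uid} gid={gid}")
```

A hit owned by a non-root user in a user-writable directory is the case described in the quoted message; the owner uid is reported so it can be triaged.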